{"id":"CVE-2017-9436","details":"TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.","aliases":["GHSA-cm26-gp8j-w6xf"],"modified":"2026-04-10T04:02:23.684518Z","published":"2017-06-05T14:29:00.700Z","references":[{"type":"FIX","url":"https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nilsteampassnet/teampass","events":[{"introduced":"0"},{"last_affected":"82031ba660c0b96f9a89b490c5764e678827953b"},{"introduced":"0"},{"last_affected":"4eae4d88c861ab978afd1df5888646d3d3d8a747"},{"introduced":"0"},{"last_affected":"4eae4d88c861ab978afd1df5888646d3d3d8a747"},{"introduced":"0"},{"last_affected":"83aa145ea2924bedfc164af0f6ecf22295ea3278"},{"introduced":"0"},{"last_affected":"2c31ec9f31ec761c987459384256579304e93f43"},{"introduced":"0"},{"last_affected":"4525a5a6d98a6297fde79e9130ca20855b6d2195"},{"introduced":"0"},{"last_affected":"7d18b9b63f12c357ac5dea04031198425bb899f2"},{"introduced":"0"},{"last_affected":"0f766077d173692ed2857cbafa72d0e1123322af"},{"introduced":"0"},{"last_affected":"1014398f412725b1dd52c2f8d82f116d7416b453"},{"introduced":"0"},{"last_affected":"d11a1d2d60da988063bdefaf9e549ee80fe4b9f2"},{"introduced":"0"},{"last_affected":"88ede565574b12c97055a0d6b16b3125fad862f0"},{"introduced":"0"},{"last_affected":"e62fa829d9c02deca36184e6d8c988901f0e0347"},{"introduced":"0"},{"last_affected":"9faef0aa06ecfa335538ce40c07816d4f46865c7"},{"introduced":"0"},{"last_affected":"1d69ff82156f608b75297fbac777c22acb44aff6"},{"introduced":"0"},{"last_affected":"e955e6ca6e08fd2242cd77b238f4cd4865a4c76b"},{"introduced":"0"},{"last_affected":"b897c9f86e44ea0b20f0d90324ae59df671e2c3f"},{"introduced":"0"},{"last_affected":"a0257ea679d07cff79e35900a8ae9189838dfdfb"},{"introduced":"0"},{"last_affected":"d90575aee7cc6a25d0e2e8ba34652c347cf1a9c1"},{"introduced":"0"},{"last_affected":"0cd49c15e31dd82c7d11803de160927e1e68d598"},{"introduced":"0"},{"last_affected":"f1f9a1c4287fdd870a262a226750b16a4374a8a7"},{"introduced":"0"},{"last_affected":"b29bab80e696ee90a8eef1d2727ee5efd269c411"},{"introduced":"0"},{"last_affected":"0a81bd2a651e9a1096d022c61d1bf35e0e7008bf"},{"introduced":"0"},{"last_affected":"1b72901f75b4606495d04ba038aa9e522c3e17c1"},{"introduced":"0"},{"last_affected":"307d009e273045be7dcb862e30a821b62685a6e8"},{"introduced":"0"},{"last_affected":"9c8386798c41399879ec3666bc901e0191dc2c04"},{"introduced":"0"},{"last_affected":"9c8386798c41399879ec3666bc901e0191dc2c04"},{"introduced":"0"},{"last_affected":"95bc951762adbd88984486769ae8382107133519"},{"introduced":"0"},{"last_affected":"fe2c4ca4638f4eb780a19fd9171a9cdd6857eb22"},{"introduced":"0"},{"last_affected":"024cfaec96e3ecef3c60b40349747c285cbb7528"},{"introduced":"0"},{"last_affected":"a673983b0f460fc90a6027f80dfc12c261b15a87"},{"introduced":"0"},{"last_affected":"6ba3e39a2a41ab1bc9194a5663ef652c2ac93d5d"},{"introduced":"0"},{"last_affected":"b11f978e2096ad9573d3d35c1ef557ad50d884e8"},{"introduced":"0"},{"last_affected":"151f7564ec888c3525a7d6b0dbdd31b2449dc571"},{"introduced":"0"},{"last_affected":"4781e8bd0c1cb7c7b84ffcf080f9a9a2090d34c5"},{"introduced":"0"},{"last_affected":"bc3977ab1bc0846e53743c0817074e8dc11d0914"},{"introduced":"0"},{"last_affected":"7782b1dde29371fd5321bddb8eb0216233d150db"},{"introduced":"0"},{"last_affected":"68ace1b112e7aa676f7aa837373d365ed1d94a5c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.1.23.1"},{"introduced":"0"},{"last_affected":"2.1.23.2"},{"introduced":"0"},{"last_affected":"2.1.23.3"},{"introduced":"0"},{"last_affected":"2.1.23.4"},{"introduced":"0"},{"last_affected":"2.1.24.0"},{"introduced":"0"},{"last_affected":"2.1.24.1"},{"introduced":"0"},{"last_affected":"2.1.24.2"},{"introduced":"0"},{"last_affected":"2.1.24.3"},{"introduced":"0"},{"last_affected":"2.1.24.4"},{"introduced":"0"},{"last_affected":"2.1.25.0"},{"introduced":"0"},{"last_affected":"2.1.25.1"},{"introduced":"0"},{"last_affected":"2.1.25.2"},{"introduced":"0"},{"last_affected":"2.1.26"},{"introduced":"0"},{"last_affected":"2.1.26.0"},{"introduced":"0"},{"last_affected":"2.1.26.1"},{"introduced":"0"},{"last_affected":"2.1.26.2"},{"introduced":"0"},{"last_affected":"2.1.26.3"},{"introduced":"0"},{"last_affected":"2.1.26.4"},{"introduced":"0"},{"last_affected":"2.1.26.5"},{"introduced":"0"},{"last_affected":"2.1.26.6"},{"introduced":"0"},{"last_affected":"2.1.26.7"},{"introduced":"0"},{"last_affected":"2.1.26.8"},{"introduced":"0"},{"last_affected":"2.1.26.9"},{"introduced":"0"},{"last_affected":"2.1.26.10"},{"introduced":"0"},{"last_affected":"2.1.26.11"},{"introduced":"0"},{"last_affected":"2.1.26.12"},{"introduced":"0"},{"last_affected":"2.1.26.13"},{"introduced":"0"},{"last_affected":"2.1.26.14"},{"introduced":"0"},{"last_affected":"2.1.26.15"},{"introduced":"0"},{"last_affected":"2.1.26.16"},{"introduced":"0"},{"last_affected":"2.1.26.17"},{"introduced":"0"},{"last_affected":"2.1.26.18"},{"introduced":"0"},{"last_affected":"2.1.26.19"},{"introduced":"0"},{"last_affected":"2.1.27.0"},{"introduced":"0"},{"last_affected":"2.1.27.1"},{"introduced":"0"},{"last_affected":"2.1.27.2"},{"introduced":"0"},{"last_affected":"2.1.27.3"}]}}],"versions":["2.1.20","2.1.23.1","2.1.23.2","2.1.23.3","2.1.23.4","2.1.24.0","2.1.24.1","2.1.24.2","2.1.24.3","2.1.24.4","2.1.25.0","2.1.25.1","2.1.25.2","2.1.26","2.1.26-final","2.1.26-final-2","2.1.26-final-3","2.1.26.0","2.1.26.1","2.1.26.10","2.1.26.11","2.1.26.12","2.1.26.13","2.1.26.14","2.1.26.15","2.1.26.16","2.1.26.17","2.1.26.18","2.1.26.19","2.1.26.2","2.1.26.3","2.1.26.4","2.1.26.5","2.1.26.6","2.1.26.7","2.1.26.8","2.1.26.9","2.1.27.0","2.1.27.1","2.1.27.2","2.1.27.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9436.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.1.20.0"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.22.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}